[GitHub] [fineract] woonys commented on a diff in pull request #3315: FINERACT-1724: Refactoring SQLInjectionValidator

2023-07-27 Thread via GitHub


woonys commented on code in PR #3315:
URL: https://github.com/apache/fineract/pull/3315#discussion_r1276002868


##
fineract-core/src/main/java/org/apache/fineract/infrastructure/security/utils/SQLInjectionValidator.java:
##
@@ -180,4 +143,17 @@ private static void patternMatchSqlInjection(String 
sqlSearch, String lowerCaseS
 }
 }
 
+private static void validateSQLCommand(String lowerCaseSQL, String[] 
commands, SQLCommandCondition SQLCondition) {
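
Review bot: The third parameter of validateSQLCommand is named `SQLCondition`, which starts with a capital letter and reads like a type next to `SQLCommandCondition`; a lowerCamelCase name such as `condition` follows Java convention and avoids the confusion. The `lowerCaseSQL` parameter also relies on the caller having lower-cased the input already, and nothing in the signature enforces that, so a short Javadoc line stating the precondition would help later callers avoid passing un-normalised input.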

Review Comment:
   @adamsaghy Thanks for the review. I modified the name. Please check.






-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@fineract.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



[GitHub] [fineract] woonys commented on a diff in pull request #3315: FINERACT-1724: Refactoring SQLInjectionValidator

2023-07-27 Thread via GitHub


woonys commented on code in PR #3315:
URL: https://github.com/apache/fineract/pull/3315#discussion_r1276002164


##
fineract-core/src/main/java/org/apache/fineract/infrastructure/security/utils/SQLInjectionValidator.java:
##
@@ -180,4 +143,17 @@ private static void patternMatchSqlInjection(String 
sqlSearch, String lowerCaseS
 }
 }
 
+private static void validateSQLCommand(String lowerCaseSQL, String[] 
commands, SQLCommandCondition SQLCondition) {
+for (String command : commands) {
+if (SQLCondition.checkCondition(command, lowerCaseSQL)) {
+throw new SQLInjectionException();
+}
+}
+}
+
+private static void validateSQLCommands(String lowerCaseSQL, 
List commandsList, SQLCommandCondition conditions) {
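
Review bot: In validateSQLCommand, `throw new SQLInjectionException();` carries no indication of which entry in `commands` matched, so a rejected request is hard to triage from logs; consider logging the matched command server-side before throwing, without echoing it back to the client. In the validateSQLCommands signature, `SQLCommandCondition conditions` is a single object with a plural name, and the two method names differ only by a trailing "s", which makes call sites easy to misread; `condition` and a more distinct method name would be clearer.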

Review Comment:
   @adamsaghy Yes, you're right. I changed it. Please check.









[GitHub] [fineract] woonys commented on a diff in pull request #3315: FINERACT-1724: Refactoring SQLInjectionValidator

2023-07-27 Thread via GitHub


woonys commented on code in PR #3315:
URL: https://github.com/apache/fineract/pull/3315#discussion_r1276001660


##
fineract-core/src/main/java/org/apache/fineract/infrastructure/security/utils/SQLCommandCondition.java:
##
@@ -0,0 +1,5 @@
+package org.apache.fineract.infrastructure.security.utils;
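
Review bot: The hunk header `@@ -0,0 +1,5 @@` shows a new five-line file whose first line is the `package` statement, so SQLCommandCondition.java has no Apache license header; add the standard ASF header above the package line. A one-line Javadoc on the type, describing what a condition is expected to return for a match, would also document the contract the validator depends on.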

Review Comment:
   @adamsaghy Thanks for the review. Please check the changes.





